<?php
/**
  * wechat php test
  */

//define your token
define("TOKEN", "add9f71512ba443b7405cf615d1cf5e0");
$wechatObj = new wechatCallbackapiTest();
$wechatObj->responseMsg();

class wechatCallbackapiTest
{
	public function valid()
    {
        $echoStr = $_GET["echostr"];

        //valid signature , option
        if($this->checkSignature()){
        	echo $echoStr;
        	exit;
        }
    }

    public function log($data){
        file_put_contents("data.log", $data, FILE_APPEND);
    }

    public function responseMsg()
    {
		//get post data, May be due to the different environments
		$postStr = $GLOBALS["HTTP_RAW_POST_DATA"];
        $this->log($postStr);
      	//extract post data
		if (!empty($postStr)){
                /* libxml_disable_entity_loader is to prevent XML eXternal Entity Injection,
                   the best way is to check the validity of xml by yourself */
                libxml_disable_entity_loader(true);
              	$postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
                $fromUsername = $postObj->FromUserName;
                $toUsername = $postObj->ToUserName;
                $type = $postObj->MsgType;
                $keyword = trim($postObj->Content);
                $time = time();
                $textTpl = "<xml>
							<ToUserName><![CDATA[%s]]></ToUserName>
							<FromUserName><![CDATA[%s]]></FromUserName>
							<CreateTime>%s</CreateTime>
							<MsgType><![CDATA[%s]]></MsgType>
							<Content><![CDATA[%s]]></Content>
							<FuncFlag>0</FuncFlag>
							</xml>"; 
                if($type == 'event' && $postObj->Event == "subscribe" )
                {
                    $msgType = "text";
                    $contentStr = "欢迎关注!";
                    $resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
                    echo $resultStr;
                }            
				if($keyword == '哈哈' )
                {
              		$msgType = "text";
                	$contentStr = "小帅哥快来玩啊!";
                	$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
                	echo $resultStr;
                }

                $article = array(
                    array(
                    'Title' => '百度',
                    'Description' => '百度一下，你就知道了',
                    'PicUrl' => 'https://ss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/logo/logo_white_fe6da1ec.png',
                    'Url' => 'http://www.baidu.com/',
                    ),
                    array(
                    'Title' => '新浪微博',
                    'Description' => '新浪微博，看世界',
                    'PicUrl' => 'http://weibo.com/u/2392694417/home?topnav=1&wvr=6&mod=logo',
                    'Url' => 'http://weibo.com/',
                    )
                );
                if($keyword == '网页' )
                {

                    $textTpl = '<xml>
                    <ToUserName><![CDATA[%s]]></ToUserName>
                    <FromUserName><![CDATA[%s]]></FromUserName>
                    <CreateTime>%s</CreateTime>
                    <MsgType><![CDATA[news]]></MsgType>
                    <ArticleCount>%s</ArticleCount>
                    <Articles>';
                    foreach ($article as $a) {
                    $textTpl .= '<item>
                    <Title><![CDATA['.$a["Title"].']]></Title> 
                    <Description><![CDATA['.$a["Description"].']]></Description>
                    <PicUrl><![CDATA['.$a["PicUrl"].']]></PicUrl>
                    <Url><![CDATA['.$a["Url"].']]></Url>
                    </item>';
                    }
                    $textTpl .= '</Articles>
                    </xml>';
                    $resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, count($article));
                    echo $resultStr;
                }

        }else {
        	echo "";
        	exit;
        }
    }
		
	private function checkSignature()
	{
        // you must define TOKEN by yourself
        if (!defined("TOKEN")) {
            throw new Exception('TOKEN is not defined!');
        }
        
        $signature = $_GET["signature"];
        $timestamp = $_GET["timestamp"];
        $nonce = $_GET["nonce"];
        		
		$token = TOKEN;
		$tmpArr = array($token, $timestamp, $nonce);
        // use SORT_STRING rule
		sort($tmpArr, SORT_STRING);
		$tmpStr = implode( $tmpArr );
		$tmpStr = sha1( $tmpStr );
		
		if( $tmpStr == $signature ){
			return true;
		}else{
			return false;
		}
	}
}

?>